We at Bigspin were delighted to be a launch partner for Microsoft’s new Agent Control Specification (ACS), which was announced at Microsoft Build yesterday. ACS is a fully open (MIT-licensed) framework  for making agentic workflows more controllable and secure. Bigspin + ACS is a powerful stack for monitoring and shaping agentic systems; Bigspin surfaces the patterns that need enforcement, and ACS provides a firm technical foundation for the enforcement step.

The challenge that ACS is addressing feels incredibly urgent to us. As is common with new technologies, agentic systems were initially designed to be powerful and expressive, with security and predictability taking a backseat. This felt exciting for a very brief moment, and then everyone started scrambling to get control of their agents and avoid security nightmares.

Bigspin’s primary users are often the people closest to these problems: they are product managers and technical leads who are tasked with monitoring their organization’s deployed agentic systems. This is a daunting task in the current moment because pretty much anything can go wrong (and what can go wrong eventually will), and true fixes are often elusive.

We try to ensure that the Bigspin agent always surfaces some positive insights for these folks, but there is often no way to sugarcoat it: the agents are misbehaving. Some of the problems are tractable and well-known – for example, the agent says it used a tool when it did not, or it uses a tool but then ignores the tool’s output and confidently proceeds with its own fabrications. At the other end of the spectrum, our embattled PM might discover that their agents are ignoring critical prompt instructions, enabling problematic user behaviors, and gaslighting their poor users.

We think ACS can help substantially in reducing the frequency and severity of these problems. The essence of it is that ACS provides specific interception points that allow for tight, modular control over how the system behaves. These controls are outside of the agentic system being governed, and most of them can be expressed as deterministic rules. In other words, we are approaching something like a set of guarantees. Disciplined use of ACS should turn an amorphous, untamed agent system into one that we can confidently reason about and control.

Problems will still arise, of course; every agentic system requires constant shaping in response to new usage patterns and emerging risks. The real question is how quickly they can be resolved. Here again, we think ACS will be a significant asset, because we expect to be able to trace emerging issues directly to missing ACS interventions or shortcomings of existing ACS interventions. In the context of a five-alarm fire, this is highly impactful for the entire organization and its customers.

ACS is part of Microsoft’s Agent Governance Toolkit, which is also open-source (MIT-licensed). We are eager to see how these tools evolve in response to both innovations and challenges for agentic systems, and we are looking forward to contributing to this effort ourselves. Many thanks to Mohammad Abuomar, Mohamed Elmergawi, Ilvens Jean, Mehrnoosh Sameki, and Mike Shi at Microsoft. It was rewarding to swap stories of agents misbehaving with this group and think creatively about how ACS might help get them in line!